Alert: Skype account hijack technique may affect all users
Written by Violet Blue   
Tuesday, 30 April 2013 08:31

According to security researcher @TibitXimer (a.k.a. Dylan), his Skype account was stolen six times, and he now claims that all Skype user accounts are vulnerable to the same fate because of Skype's flimsy account recovery practices, which are especially thin, as he discovered the hard way, when dealing with customer service.

When he contacted Skype support, reps didn't appear to acknowledge that the issue was both immediate and recurring.

Perhaps that is because his account had been hijacked through basic social engineering techniques rather than hacked: as he then learned, the problem lay in the customer service process itself.

New update Monday April 10:20am PST: Microsoft/Skype's response suggests customers will need to solve this problem themselves. Microsoft/Skype tells ZDNet through our contact form, "We encourage customers to use Microsoft account to log into Skype, which helps make their accounts more secure using two-step verification" and "our customer support agents remain available to help customers as needed." See the entire statement at the bottom of the page.

Four hours ago (as of this writing) @TibitXimer explained in detail on the Skype community forums what happened when his account was repeatedly hijacked, and the too-simple reclamation process he repeated each time:

It was stolen around 3pm on the first day. I recovered it through Skype support (...) within 30 minutes. In less than 2 hours after recovering my account, it was stolen by another person. [My] skype then was [re-]recovered by a friend of mine while I was at dinner.

When I got back and changed the info to my own again, it was stolen later that evening. Another friend recovered it for me and tried to keep the scammer out of my account.

According to @TibitXimer, Skype only requires three points for account recovery:

  • 3-5 of the Skype account holder's contacts
  • One email address the account holder used on Skype at any point
  • Account holder's first and/or last name

@TibitXimer goes on to relate that a spammer commandeered his account - and holds Skype responsible:

(...) because Skype support didn't verify if the person owned the account or not, they just wanted those 3 points mentioned above) my account was used to scam people out of hundreds of dollars, along with damaging my reputation for my product's security due to thinking I had low security on my Skype account or email address, when in reality it was Skype Support's fault my account was stolen, multiple times, and had nothing to do with end-users (me in this case).

In @TibitXimer's description of his account's theft-and-recovery ordeal, when the account was nabbed as he slept, his colleague got Skype support on chat (image of chat here, personal information redacted).

Thankfully, support added a further query: whether Dylan had purchased Skype Premium in the past.

Dylan's colleague answered yes, and obtained the account using @TibitXimer's name, email address, and:

5 people he knew I had added on Skype since I had over 800 contacts, and a random month (he used March 2013, which I was not a Skype premium customer at that time and haven't been since last November).

Dylan has since emailed Skype support twice attempting to have his account suspended to stop the situation, but as of this writing, account suspension had not been put into effect.

A Skype account email-hijack issue surfaced five months ago, when it was learned via a Russian website that hijackers could sign up for a new account with an email address already in use, and could continue setting up the account so as to receive the victim's password reset notification and token. Skype fixed the issue within hours.

However, Skype has never had a good track record for verifying actual ownership of email addresses.

Time to change Skype's recovery policy?

Frustrated and worried, @TibitXimer has strongly suggested that Skype add the following to its customer security practices as soon as possible:

  • Security Questions
  • 2-factor Authentication
  • Good Support that looks into these issues
  • Support that can understand plain English and follow through with the request correctly instead of mistaking my clear request for something different.
  • 24/7 support
  • A real security policy to actually verify ownership of accounts

In the meantime, a strong recommendation for Skype users is to change their Skype account email address to one that is unique (not used anywhere else).

One suggestion would be to modify your Gmail address with these techniques. Another good idea would be to learn how to protect yourself from basic social engineering - read Veracode's Hacking The Mind: How and Why Social Engineering Works.

ZDNet has reached out to Skype for comment, and will update this piece with developments.

Update Sunday April 27, 7:38pm PST: Skype has not responded to the request for comment, yet email and comments relate more instances of account hijacking with the same technique. Via the ZDNet contact form:

In regards to the article you did on the Skype account hijacking, I would like to say that it also happened to me. I also tried the "method" on a Skype account I own and I only needed 3-5 contacts and a country! I actually wrote "I am not sure" or "I forgot this" as answers to most of the questions Skype Support gave me to recover an account. It's ridiculous how easy it is and it needs to be fixed! If you want more information, please email me.

Update Monday April 29, 2:12 am PST: @TibitXimer has contacted ZDNet to say that a Skype forum moderator has deleted similar issue reports but has "escalated the problem to whom I report." After four attempts @TibitXimer cannot get his Skype account suspended (despite Skype claiming otherwise), and he adds,

I've talked to at least 6-7 support agents myself and another 4-6 agents gave away my account to those that were hijacking it without actually verifying ownership of my account. It's clearly not just one or two support agents, but the entire support system and Skype's lack of a clear, secure, & efficient security policy.

Update Monday April 29, 10:20am PST: A Skype spokesperson has now provided the following statement via the ZDNet contact form.

I invite you to update your article.

We take the security of our customers extremely seriously, and have been making ongoing enhancements to help protect customers. We have processes in place that would help protect against password reset scenarios such as this, and our customer support agents remain available to help customers as needed.

We encourage customers to use Microsoft account to log into Skype, which helps make their accounts more secure using two-step verification. For more information about individual accounts, customers can contact Skype by visiting: https://support.skype.com/en/faq/FA1170/how-can-i-contact-skype-customer-service.  -A Skype Spokesperson

Source: http://www.zdnet.com/alert-skype-account-hijack-technique-may-affect-all-users-7000014611/
 
Israeli Company (Elbit Systems) To Monitor Internet Traffic In Nigeria
Written by Bolaji Moyo   
Monday, 29 April 2013 11:41

Privacy? What Privacy?

The Federal Government has awarded an Israeli firm, Elbit Systems, headquartered in Haifa, Israel, a $40 million contract to help monitor citizens' computers and internet communications.

An online publication, Premium Times, reported that the contract was awarded under the guise of intelligence gathering and national security.

Elbit, Premium Times wrote, announced the contract award Wednesday in a global press release but was silent on the Nigerian destination of the contract. Its general manager, Yehuda Vered, announced that "Elbit Systems will supply its Wise Intelligence Technology (WiT) system to an unnamed country in Africa under a new $40 million contract announced on 24 April... for Intelligence Analysis and Cyber Defense," but effusively claimed, in the statement, that his company is "proud to be selected to supply this unique system, which is already field-proven, fully operational and customisable".

"Elbit Systems is a world leader in the fields of intelligence analysis and cyber defense, with proven solutions highly suitable for countries, armies and critical infrastructure sites. We hope that additional customers will follow in selecting our highly advanced and cutting edge systems in these fields as their preferred solution," Mr. Vered added.

However, a reliable source at the Israeli Embassy confirmed to LEADERSHIP last night that Nigeria is the unnamed African country, but declined to provide further information. Nonetheless, the source assured that an official statement would be issued in due course.

Also, a source in the office of the National Security Adviser (NSA) confirmed the development and disclosed that officials from the NSA's office would be travelling to Haifa for the assignment.

Meanwhile, the online publication, quoting sources, further revealed that the contract will help the present government access all computers and read all email correspondence of citizens, notwithstanding that such an approach amounts to an infringement of constitutionally guaranteed freedom of expression.

In terms of computer and internet usage, Nigerian citizens rank 10th globally and make up 27 per cent of Africa's total Internet users, far ahead of Egypt [19th in global ranking] and South Africa [37th in global ranking].

Studies show that the growth path of the Internet in Nigeria has been dramatic, rising from a mere 200,000 Internet users in 2002 to 47 million this year. The finding is contained in data from Global Internet User, one of the Internet audit groups.

It will be recalled that in early April, researchers at the Munk School of Global Affairs at the University of Toronto alerted the world that Nigeria, Egypt, and Kenya were deploying Internet surveillance and censorship technology developed by an American company, Blue Coat.

Source: http://allafrica.com/stories/201304261136.html

 
Announcing New Partnership Agreement...
Written by Bolaji Moyo   
Thursday, 28 June 2012 18:24

Digiss has partnered with DeviceLock, a leader in Data Loss Prevention solutions.

DeviceLock is an endpoint data leak prevention (DLP) security solution.

This will enable us to offer a best-in-class DLP solution to our customer base.

The Endpoint DLP Suite consists of three software modules that help protect organisations from three general categories of data leak threats:

DeviceLock provides network administrators the ability to set and enforce contextual policies for how, when, where to, and by whom data can or can’t be moved to or from company laptops or desktop PCs via devices like phones, digital cameras, USB sticks, CD/DVD-R, tablets, printers or MP3 players. In addition, policies can be set and enforced for copy operations via the Windows Clipboard, as well as screenshot operations on the endpoint computer.

NetworkLock adds contextual-level control of user network communications via the Internet through such means as: company email, personal webmail, instant messaging services, social networks (like Facebook, Google+, Twitter), web surfing, FTP file transfers, as well as cloud-based file sharing services like Dropbox, SkyDrive and Google Drive.

ContentLock adds the capability to look inside files and other data objects (like emails and webmails, chats, blog posts, etc.) for sensitive information like social security numbers, credit card numbers, bank account numbers or other user-definable information and to make block-or-allow decisions based on policies having to do with file contents.

The combination of all three of these modules working together is the DeviceLock Endpoint DLP Suite. The Endpoint DLP Suite provides protection against local and network data leaks at the endpoint (laptop, desktop or server) via a wide array of threat vectors.

Contact us today for more information on how we can meet your DLP needs.

 
Up to 10 million payment card details breached at Global Payment Systems!
Written by Bolaji Moyo   
Monday, 02 April 2012 08:22


According to a blog post on krebsonsecurity.com, Global Payments, the credit and debit card transaction processor that late Friday disclosed a breach of its systems, said in a statement Sunday that the incident involved at least 1.5 million accounts. The news comes hours ahead of a planned conference call with investors, and after Visa said it had pulled its seal of approval for the company.

It remains unclear whether there are additional accounts beyond these 1.5 million that were exposed by the breach; the company’s statement seems to be focusing on the number of cards it can confirm that thieves offloaded from its systems.

It’s also unclear how Global Payments’ timeline of the incident meshes with that of MasterCard and Visa. In an alert sent to card-issuing banks that was first reported early Friday by KrebsOnSecurity.com, the card associations said the window of vulnerability for the breached processor (at that time unnamed) was between Jan. 21, 2012 and Feb. 25, 2012. The alert also said that full Track 1 and Track 2 data was exposed, meaning thieves could use the stolen information to counterfeit new cards.

Yet, in a statement Friday, Global Payments said its own security systems identified and self-reported the breach, which it said was detected in early March 2012: “It is reassuring that our security processes detected an intrusion,” the company said.

In its follow-up statement Sunday, the company mentioned only that “Track 2 card data may have been stolen, but that cardholder names, addresses and social security numbers were not obtained by the criminals.” (For more info on the data contained on Track 1 and Track 2, see this explainer).

In any event, The Wall Street Journal is reporting that Visa took the step over the weekend of distancing itself from Global Payments, by removing the company from its list of those it considers to be compliant service providers. That list is huge, and is available here (PDF).

At the same time, a technical glitch affecting the Visa network barred some people around the United States from using their credit and debit cards for about 45 minutes on Sunday. Visa told The Associated Press that the outage was caused by an update it made to its system, but that the problem was unrelated to the Global Payments breach.

The apparent discrepancy over the timeline of the Global Payments breach and the means by which it was discovered and reported leaves several unanswered questions: Was the initial alert by Visa and MasterCard that prompted this story related to a separate breach? If so, was Global Payments involved?

 
Anonymous hacks the FBI and Scotland Yard. Releases Details of Conference Call
Written by Bolaji Moyo   
Friday, 03 February 2012 23:25

Investigation efforts by the FBI and Scotland Yard were undermined as the infamous 'hacktivist' group Anonymous managed to listen in on a conference call between the FBI and some European law enforcement agencies. The 16-minute telephone conversation was recorded, and is now doing the rounds on the Internet. The law enforcement folks can be heard cracking jokes and talking about their key targets, although some parts of the audio recording were bleeped out in an effort (by the hacker group) to protect the identities of the criminals being discussed.

The attack was made possible when an FBI agent's e-mail was hacked into. The hackers then managed to acquire details of the conference call, dialled in, and stayed in the background, without being detected by the detectives, throughout the 16-minute meeting. This was a basic schoolboy error! No roll call and no 'stock-taking' of the expected attendees.

Apparently, the purpose of the call was to strategise on how to uncover the identities of numerous key members of LulzSec and Anonymous. It turned out that the hunter became the hunted, while the intended prey became the 'daddy'. Leonardo DiCaprio's 'Catch Me If You Can' movie comes to mind!

It is hoped that the almighty FBI and other security agencies have learned a thing or two from this embarrassing episode.

If you're interested in listening in on the conference call conversation, I suggest you 'google' it now before it's pulled from the nooks and crannies of the Interweb. In fact, try the link below :-)

http://www.gizmodo.co.uk/2012/02/anonymous-hacks-a-cybercop-call-between-britain-and-the-fbi/

 
US military access cards cracked by Chinese hackers
Written by Administrator   
Tuesday, 17 January 2012 00:00

A new strain of the Sykipot Trojan is being used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, according to security researchers.

Smart cards are a standard means of granting active duty military staff, selected reserve personnel, civilian employees and eligible contractors access to intranets at US Army, Navy and the Air Force facilities. They can be used to get into buildings or, when used in conjunction with a static password, to access networks.

Chinese hackers have adapted the Sykipot Trojan to lift card credentials from compromised systems in order to access classified military networks, according to researchers at security tools firm AlienVault. An adapted version of the Trojan targets PCs attached to smart card readers running ActivClient, the client application of ActivIdentity, in what's been described as a 'smart card proxy' attack.

The Sykipot Trojan was first created three years ago and featured in a number of industrial espionage-style attacks. Researchers at AlienVault captured an adapted version of the malware - specifically designed to circumvent authentication technology supplied by ActivIdentity - in a honeypot around two weeks ago. Subsequent analysis suggests that hackers added a smart card module to existing malware around March 2011.

The development of super-spy software

AlienVault reckons the new strain of Sykipot Trojan was developed by the same Chinese authors that created earlier versions of the malware, first seen around three years ago. Previous builds of the Trojan were promoted by spammed messages that posed as information about the next-generation of US Air Force drones. In reality the message pointed at drive-by-download sites that featured the Sykipot Trojan as a payload and took advantage of various IE and Adobe Reader security flaws, as explained in more detail here.

The malware featured in targeted attacks against aerospace technology firms, among others, that were ultimately designed to extract commercially sensitive information from compromised systems.

The latest run of attacks also features spear phishing emails that attempt to trick marks into clicking on a link that deposits the Sykipot malware onto their machines. This time around the malware uses a key-logger to steal PINs associated with smart cards. Once attackers have authentication codes and associated PINs they gain the same level of trusted access to sensitive networks as the user whose credentials they have stolen.

The cyber-criminals behind the attack are using a version of Sykipot first baked in March 2011 that has featured in dozens of attacks since, according to AlienVault.

Jaime Blasco, AlienVault's lab manager, told El Reg that Chinese messages in embedded code, the use of command and control servers in China, and the exclusive use of the software in China all provide evidence that Chinese hackers are ultimately behind the attack. Blasco added that the use of dynamic tokens that offer two-factor authentication would thwart this particular line of attack.

AlienVault supplies security event logging technology and does not compete with ActivIdentity. Blasco said it had not supplied either ActivIdentity or the DoD with malware samples or notification of its research, which was first publicised via an article in the New York Times on Thursday. ActivIdentity's smart cards are standard issue at the DoD and a number of other US government agencies. Other users include Monsanto, BNP Paribas and Air France, the NYT adds.

In response to AlienVault's research, ActivIdentity said in a statement: "We are aware of the recent reports that purportedly identified a new attack method that could hijack smart card-based certificates.

"We take these reports very seriously and are working diligently to investigate the potential threat. At this time, we are confident that the purported threat poses no immediate risk to our customers."

Source: The Register, 13/01/2012

 
Nigeria to become dominant in Africa’s mobile payment market
Written by Administrator   
Monday, 16 January 2012 00:00

With the commencement of the Central Bank of Nigeria’s (CBN) cashless project, Nigeria is set to become a dominant player in Africa’s emerging mobile payments market, analysts have said.

According to the industry analysts, about 20 million Nigerians are expected to be embraced into the formal banking system via mobile money over the next three years. In November, the United Nations Conference on Trade and Development (UNCTAD) had disclosed that 40 million mobile money users currently exist in Africa.

Research firm Ovum expects this figure to rise to 1.2 billion by 2015. Nigeria, according to analysts, is expected to drive this growth going forward. Kenya is currently the dominant player in Africa's mobile payment markets with over 20 million subscribers. As of January 2012, Uganda's mobile money market has expanded to an estimated 1.5 million users across three providers. According to new data from World Wide Worx, 37 percent of South Africa's cell phone users also use mobile banking services.

Analysts say that with only 25 million bank accounts out of a population of 167 million, and about 90 million mobile phone subscribers, there exists a huge opportunity for Nigeria to dominate Africa's mobile payment landscape. Industry analysts argue that given these statistics, there is a margin of between 20 million and 35 million unbanked mobile phone subscribers. They further say that if only ten percent of unbanked mobile phone users subscribe to mobile banking, the scheme would bring between two million and six million Nigerians into the formal banking system in the first year.

Furthermore, if up to 15 percent subscribe, then the figure would be between 3.5 million and 10.5 million Nigerians embraced into the formal banking system. Sullivan Akala, director, business development, E-transact told Business Day in an interview that Nigeria has the potential to become the largest mobile payment market in Africa. “Yes, Nigeria can dominate Africa’s mobile payment market like it has done with telecommunications. Mobile payment will help CBN achieve its objective of moving Nigeria into a cashless mode faster than any other electronic channel. The world is going mobile.

“It is the technology trend all over the world. Mobile phones are convenient, it is something you can use at any point and anywhere. Other electronic channels don’t have this advantage. For ATMs and PoS, you will have to leave your homes and offices to perform a transaction. For web, you will need an internet connection. The fastest way to promote financial inclusion will be through the mobile phone. Since the inception of banking in Nigeria, banks have only 25 million accounts. But in ten years after successful liberalisation and deregulation of the telecoms sector, we have over 80 million mobile phone subscribers. Mobile money can address that gap by providing basic banking services to the unbanked.

“The mobile phone will now become a virtual account. The adoption rate will be faster than any other electronic channel”.

Emmanuel Okogwale, principal consultant, Mobile Money Africa told Business Day recently that the mobile payment market looks interesting and “will thrive to become the largest market in Africa, depending on the collaborative efforts of all stakeholders. I see strong internal migration driving mobile remittances, strong compelling services like agency banking for the underserved communities.

“Depending on the numbers of final licensees in Nigeria, the market looks promising for potential players. Stakeholders should endeavour to build a shared agent network to serve all the stakeholders, since agency is the heart of mobile financial services and the agents do not sell primary products of the licensee, unlike in a mobile network operator-driven ecosystem. There is a need to source, develop, train and deploy agents on a shared basis”, he added. Industry analysts are generally agreed that the growth and development of mobile payments, especially in rural communities, is largely dependent on a solid agent network.

Industry analysts have expressed dissatisfaction with the low level of public awareness of Nigeria's mobile payments scheme, which they say can affect inclusion rates. According to them, too much attention has been placed on Point of Sale (PoS) transactions in the CBN's ‘Cashless Nigeria’ enlightenment programme, at the expense of mobile money, which, according to numerous international forecasts, should become a booming industry in no distant time, dramatically changing the face of communications and financial services by providing a whole new and exciting experience to Nigerians.

Mobile payment, according to them, is a fast, convenient and affordable way to send money across the country and pay for goods and services using a mobile phone. In the last three months, the emerging industry has already witnessed the launch of innovative mobile money services from GTBank (in strategic partnership with MTN and Fortis), United Bank for Africa, Stanbic IBTC, Pagatech and E-transact. Besides, the likes of M-Kudi, Monetise, Paycom, and Eartholeum are yet to find their feet. Francis Efe, a mobile payment enthusiast, believes that not all licensed mobile money operators will survive. He says: “Some will fall by the wayside due to poor financing and issues revolving around technology.”

Source: Businessdayonline; TUESDAY, 03 JANUARY 2012 00:00 by BEN UZOR JR
